On Saturday 29 August 2020 04:04:55 Dr. Nikolaus Klepp wrote:
#1 - When installing, I deliberately chose *not* to set a root password; since nobody else ever gets to touch my system, it is enough that my user password is granted root privileges when I use sudo or su.
Always set a root password, even if it's 123456789. Not all programs accept root without password.
Yeah, I tried that, but I always end up with this same problem. When I tried setting a root password before (because it always seemed like the *right* answer), I got this same result.
When I made the move from Kubuntu to Debian, I went through this root-password thing at least 5 or 6 times. I always ended up with a system where I could not be granted admin or root privileges ... EXCEPT in a sudo su shell! So that's what I usually do: I create a sudo su shell, then exit and allow permissions to expire, then when I need quick access again, I just hit my UP arrow key, re-enter password, and go back into sudo su to kill something or whatever else needs immediate attention.
Now, it would be nice to crack this nut, once and for all, but I don't want to keep asking my own machine for permission to do things. The question is, which of us is master?
Hm. I'm quite sure I'm master on my systems, but that could be a delusion ...
What I have not understood yet: you can get root access from terminal with "su" or you have to use "sudo bash"?
Thanks, Nik! I'm glad somebody is willing to explain this to me like I am a child. I probably ought to have got this years and years ago, but since I don't need it so much in a group setting, or office, I could put it off.
Some of this discussion has been superseded by another email, as they crossed paths.
However, in answer to this point: When I open a terminal, type "sudo su", I can enter my password, and then I am root. I can do whatever I want to my system, no matter how ill-conceived and dangerous. However, I cannot use it to launch gui programs, only to run some root commands, such as when I want to run pkill to kill several processes all at once, because they relate to something else that is running away.
When I am done, I type exit, or I can even kill su processes, rather than waiting for permissions to expire.
But when I (was) try(ing) to run a gui program (for example, gufw), I would be asked for my password, then told that it was incorrect. I have set my system not to allow root logins. There is no separate admin apart from the present author, although I cannot just do anything; I still must enter my password to become su.
However, without having installed quite all the trinity-sudo packages, I was denied root permissions, except in the shell, by running "sudo su".
Sorry for the tedious details, but I do want to get to the bottom of this issue, even though it may be self-inflicted.
Bill
Anyway, so now, suddenly, I am asked for the root password in order to run gufw and other such stuff. But when I enter my password, I get a message that the password is incorrect. This happened before, long ago, when I first switched from (k)ubuntu to debian; debian seems to have a stricter default policy, which is probably a good thing, and I probably ought to get the hang of this thing, right?
So I need an easier solution than whatever this is that I am doing (or not doing). I have been combing through my Linux pocket guide and Linux in a Nutshell and Linux Bible, etc., but they all say the same thing, and none of them work.
#2 - I still want a graphical firewall that runs like the old Firestarter; gufw isn't quite what I want, or maybe I just haven't yet configured it properly.
Didn't know Firestarter, but it looks nice for a firewall. I have to admit I don't like linux firewall (I prefer the BSD way). Anyway, I use "ufw" - it has a nice GUI, depending on your text editor :)
What I want is not just a GUI, but instead, one that displays *active connections* as they appear and disappear, and allows changing rules on the fly. Is there such a thing?
"firewall-applet" could be what you want, but it drags in a whole bunch of things.
Will check it out, thanks.
Running it in a terminal would suit me just fine, so long as it is a dynamic display of active connections as they occur. Also an easier way to edit iptables. (I read that there is some new "thing" to replace iptables, meaning that ufw and gufw and their kin will all become obsolete very soon, apparently being phased out, and I had a hard time downloading them.)
Another possible fix would be: to pass my firestarter rules (based on iptables) along to ufw/gufw.
gufw? A gui for ufw? Abomination! That could definitely be done. Are you in for a bit of shell black magic?
I am always prepared for some black magic. That is why I keep my *Linux in a Nutshell* grimoire always close to hand. Oh, and salt, burning sulfur, candles and incense, and some cats.
I used to keep goats and chickens, but nowadays my landlord is always complaining.
Seriously, whatever you can recommend to get me back "in control" of the Mother Ship.
Thanks a bunch!
But anyway, what I want is to see my active connections. (See enclosed screenshot.)
Any help or comments or suggestions are appreciated. If not, at least a good joke.
Windows guys suggest to run a firewall in amazon cloud and send all your network through it. I still have not figured out if this is a bad joke or that they actually do, but I have the strong feeling this is serious advice (there are commercial offers for this kind of stuff).
It sounds like these kids forget everything about security, privacy, whenever somebody says the word "cloud" -- then it's all okay.
Bill
P.S. The worst insult is, just before my upgrade, I had got my Jessie system fine-tuned to near-perfection, and was feeling rather smug and virtually bulletproof. On the bright side: Beowulf/Buster does seem to run better, overall, except for when I can't get it to DO WHAT I WANT.
:-\
See screenshot for firewall example.
To unsubscribe, e-mail: trinity-users-unsubscribe@lists.pearsoncomputing.net For additional commands, e-mail: trinity-users-help@lists.pearsoncomputing.net Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/ Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting